Vulnerability Details CVE-2023-46384
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.9%
CVSS Severity
CVSS v3 Score 7.5
References
- https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
- https://seclists.org/fulldisclosure/2023/Nov/6
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/
- https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
- https://seclists.org/fulldisclosure/2023/Nov/6
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/
Products affected by CVE-2023-46384
-
cpe:2.3:a:loytec:l-inx_configurator:7.4.10